The activity log is a read-only history. Events are recorded as they happen;
you cannot edit or delete them. This makes the log a dependable source for
reviews and investigations.
What gets recorded
Each entry captures a single event and the context around it. The log brings together several kinds of events in one place:Administrator actions
Changes administrators make in the console - creating and editing users,
groups, applications, policies, roles, and settings.
Sign-in outcomes
The results of sign-in decisions, so you can see whether access was granted
or denied and follow a person’s recent activity.
Lifecycle changes
Events as people and access move through their lifecycle - for example a
user becoming active or suspended, or access being granted and removed.
Reading the log
The activity list shows one row per event, sorted with the most recent first. Each row summarizes the event across these columns:| Column | What it tells you |
|---|---|
| Occurred at | When the event happened. |
| Instigator | Who or what initiated the event. |
| Subject type | The kind of object the event acted on, such as a user, group, or application. |
| Subject name | The specific object the event acted on. |
| Action | What was done. |
| Status | The outcome of the event. |
Filtering to what matters
The activity log can grow quickly, so Iru gives you a filter bar above the list. Build a filter on one or more fields to narrow the view:- Occurred at - restrict to a time window.
- Instigator - focus on a specific administrator.
- Subject type and subject name - focus on a kind of object, or one object in particular.
- Action - focus on a kind of change.
- Status - separate successful events from failures.
Save reusable views
When you find a filter you return to often, save it as a reusable view so you can reopen it with one click instead of rebuilding the conditions each time.Build the filter
Add the conditions you want in the filter bar until the list shows the
events you care about.
Save it as a view
Save the current filter as a named view. It joins your list of saved views
for the activity log.
Saved views are available across Iru wherever you filter lists. For example,
you can save views for your applications list in the same way. A view stores a
filter you defined; it does not change which events are recorded.
Using the log for audit
Because every significant event is captured with its instigator, subject, action, outcome, and the exact fields that changed, the activity log doubles as an audit trail. A few practices make it more useful:Establish a regular review
Establish a regular review
Save a view for high-signal events - failed sign-ins, role changes, or
changes to authentication policies - and review it on a schedule so nothing
unusual goes unnoticed.
Investigate a specific change
Investigate a specific change
Filter by subject name to pull the full history of one user, group, or
application, then expand individual events to see precisely what changed and
who changed it.
Trace a sign-in
Trace a sign-in
Filter by instigator and status to follow a person’s recent sign-in
outcomes when you are troubleshooting access or responding to a report.
For how Iru protects your data and the controls behind your tenant, see
Security and privacy.
Related
Administrators & roles
Control who can administer Iru Identity and what each administrator can do.
Authentication policies
See the policies that produce the sign-in outcomes recorded here.